JOURNAL OF CRITICAL REVIEWS

ISSN- 2394-5125 VOL 7, ISSUE 19, 2020

BLOCKCHAIN BASED SECURE DATA STORAGE

AND ACCESS CONTROL SYSTEM USING IPFS
Shubham Desai1, Rahul Shelke2, Onkar Deshmukh3, Harish Choudhary4, Prof. Santosh S. Sambare5
1,2,3,4,5
Department of Computer Engineering, PCCOE, Pune, 411044
E-mail: [email protected], [email protected], [email protected],
[email protected], [email protected]

ABSTRACT—Today’s cloud storage is completely dependent exclusively on large storage providers. These
storage providers act as un trusted third parties, which transacts the data for storing, sending and receiving the
data from an organization.Thistypeofmodelpossessesanumberofissueslike high operational cost, data availability
and datasecurity. Inthispaper,weintroduceaprototypeofmulti-usersystemfor access control to datasets that uses
blockchain technology to provide a secured distributed data storage. The system allows the data owner to upload
the data through a Web Portal. So, the user who has the secret key of particular data which was uploaded on
Cloud in the encrypted form can only access the file. Finally, the system supports the privacy of data by
ensuringtheimmutabilitypropertyoftheblockchainbystoring them on cloud. We proposed blockchain based
secure data storage and access control system to harden the security of cloud storage

KEYWORDS: Blockchain, IPFS Distributed Cloud, SmartContract, Encryption, Decryption

I. INTRODUCTION

There has been a challenge in the modern period of storing large amount of data for big organizations. So, these
organizations have turned to cloud storage, which has excellent properties for storing, sharing and transferring
the data. The main problems faced by cloud computing are preserving confidentiality and integrity of data in
aiding data security. Most of the users prefer cloud to store their personal data. However ,there are some security
problems and copyright aspect associated with the data. The essential problem while transferring data to the
external environment is that, anyone other than the owner can get access to the information. Cloud providers do
not ensure the high level of protection required for appropriate data security and privacy. Currently, there are not
many tools and techniques available to protect data stored on cloud servers.

To overcome this problem this paper presents the system which provides the storing of data with the help of
Block chain based Secure Data Storage and Access System. In this paper, we propose to use Block chain as a
trusted environment to harden the security of cloud storage, and to defend exploitation attacks.

A blockchain is a distributed database that is tamper-resistant and decentralized, and tracks transactions through
a peer-to-peer public or private network. Distributed to all member nodes in the network, the ledger permanently
records the transactional data between the nodes in the network of an ordered chain of cryptographic hash-
linked blocks. All authenticated and approved transaction blocks are associated and linked to the key current
block from the beginning of the chain, thus the block chain term. The block chain therefore acts as a single
source of truth, and all the members in a block chain network can view only those transactions that
areadmissible to them.[1]

A blockchainisthetechnologythatallowsallmemberstokeep a ledger containing all transaction data and

to upgrade their ledgers to maintain integrity when there is a new transaction. Since the proliferation of the
Internet and encryption technology has allowed all participants to check a transaction's authenticity, the single
point of failure arising from the overdependence on an approved third party has been resolved. A blockchain is
type of distributed ledger for maintaining a permanent and tamper-proof record of transactionaldata.

The blockchain is a structured list that stores data in a manner similar to the distributed database and is intended
to make it impossible to manipulate arbitrarily because the network participants save and validate the
blockchain. Every block comprises a header and a body. The header contains the hash values of the previous
and existing blocks and nonce keys. The block data is checked in the database using the index method.Since the
hash values recorded in each peer in the block are influenced by the parameters of the previous blocks, it is very
challenging to falsify and modify the registered data.[2]

1254
 JOURNAL OF CRITICAL
REVIEWS
ISSN- 2394-5125 VOL 7, ISSUE 19, 2020

II. ADVANTAGES OF BLOCKCHAIN

The immutability property of the Blockchain is achieved on the transactions are agreed and shared
across the Blockchain. When the transaction will be connected to the Blockchain, it won’t be possible to change
or delete it. It also depends on the system’s kind – if the system is centralized, it can be changed or deleted,
because the decision is made by one person. But if the system is decentralized, such as the Blockchain, there
each transaction, which is joined to the Blockchain, is copied to each computer
inthisBlockchainnetwork.ThisbenefitmakestheBlockchain technology unalterable andindestructible.

The transparency property of the Blockchain is achieved on the transactions copying process. As it was
written above, each transaction is copied to either computer in the Blockchain network. Every participant can
look all transactions, also it means, that each action is showed to participants of the Blockchain.[3]

Smart Contracts:
Asmartcontractisexecutablecodethatrunsontheblockchain to facilitate, execute and enforce the terms of
an agreement between untrusted parties. The main aim of a smart contractis to automatically execute the terms
of an agreement once the specified conditions are met. Thus, smart contracts promise low transaction fees
compared to traditional systems that requireatrustedthirdpartytoenforceandexecutethetermsof an agreement.
There are different blockchain platforms that can be utilized to develop smart contracts, but Ethereum isthe most
common one. This is because Ethereum’s language supports Turing-completeness feature that allows creating
more advanced and customizedcontracts.[4]

III. RELATED WORK

Mr. Anup R. Nimje, Prof. V. T. Gaikwad and Prof.

H. N. Datir [5] has compared seven different attribute-based encryption techniques namely ABE, KP-ABE,
EKP-ABE, CP-ABE, CP-ASBE, HIBE, HABE, HASBE and concluded that Hierarchical attribute-based
encryption (HASBE) provides the
best access control mechanism. It is flexible and most efficient with less computation overhead than other
techniques. The HASBE scheme is composed of hierarchical structure of system users by using a delegation
algorithm to CP-ASBE. HASBE scheme supports compound attributes due to flexible and robust attribute set
combinations as well as achieves efficient user revocation because of attributes assigned multiple values.

Pooja More [6] proposed a cloud data security using Attribute-based Key Aggregate Cryptosystem. The system
uses trapdoor key and searchable keywords to search the document stored on cloud. Once the document is
fetched, it makes use of aggregate key to decrypt and download a
particulardocumentfromthepoolofdocuments.Thetrapdoor key is publicly available for a particular group but the
access of aggregate key is based on data owner’s attributes. The system makes use of CP-ABE scheme with a
fixed size of ciphertext and key, which increases its efficiency i.e.two separate files are formed, one file for key
and another file for set of attributes instead of linking attributes of user to akey.

Ilya Sukhodolskiy, Sergey Zapechnikov [7]proposed a blockchain-based access control system for cloud
storage. It provides a model to access data stored in untrusted environments i.e. cloud storage. The data for
example, multimedia information, documents, etc. will be stored in
cloudstorage,whereintheinformationidentifyingthefile,will only be available on the blockchain. The data stored
in blockchain is public so it encrypted before sending to storage and control access to it. The user wishing to
read a file must matchtheaccesspolicyandhavethenecessarykeystodecrypt and download it. The keys for
decryption are provided by the data owner. The important benefits of access control system are: the ability of
dynamic access policies, the ability to customize the access policy for encrypted data without duplication, access
policy change does not require additional actionsfromothermembers,whichmaketheuserkeysremain unchanged,
the integrity and confidentiality of information aboutalltransactions,includinggrantingandchangingaccess, facts
gain access to file, rejection of fact and the inability to edit and modify these data is guaranteed by using
blockchain and smartcontracts.

Maximilian Wöhrer and Uwe Zdun [8] has outlined six design patterns namely rate limit pattern, speed bump
pattern, mutex pattern, balance pattern, check-effects-interaction pattern and emergency stop pattern that address
security issues when coding smart contracts in Solidity. These patterns solve the problem of lack of execution
control once the contract is deployed, resulting from the distributed execution environmentprovided by
Ethereum. This one-of-a-kind characteristic of Ethereum allows programs on the blockchain to be executed
autonomously, but also has drawbacks. These drawbacks appear in different forms, either as harmful callbacks,

1255
 JOURNAL OF CRITICAL
REVIEWS
ISSN- 2394-5125 VOL 7, ISSUE 19, 2020

adverse circumstances on how and when functions are executed, or uncontrollably high financial risks at stake.
By applying the presented patterns, we can address the sesecurity problems and mitigate typical attacks
cenarios.

IV.PROPOSED SYSTEM

Cloud Technology is one of the most emphasizing and useful technology in the current era. Cloud storage has
provided digital storage solution that utilizes multiple servers across different locations to safely store the data.
In the past few years, cloud storage has grown in different sectors and has become a direct challenger to local
storage. Nowadays cloud technology has become a promising computing paradigm located at different third-
party service provider. The cloud provides the service of data storage which enables data owner to store their
data on the cloud and give access to the organizations who needs that data.

[9] Although cloud computing brings many benefits, there are many unavoidable security problems. Some
security issues related to cloud storage are as follows-

1. Data privacy–
Youdon’twantanybodytoaccessyourdataunless you allow them to. Privacy is the ability of the individual or
group to separate themselves or to disclose information about themselves selectively. It also allow consumers to
regulate their data when data is stored and handled in the cloud, and prevent theft, nefarious use, and
unauthorized resale.This is easy enough to maintain when you store data on-site, but what about in the cloud?
Because your data is stored lsewhere, it might beimpossibletoknowjusthowclosedoffitis.Howcan you be sure no
one can access it when you don’t maintain the servers it’s stored on? When you migrate sensitive data to the
cloud, be aware that you might be losing essential privacy controls.

2. Lack of control –
When you rely on a third-party to store data for you, you’re lifting a lot of responsibility off of your shoulders.
This is a double-edged sword, however. On one hand, you won’t have to manage your data- on the other hand,
somebody else will. If something affects your storage provider, like outages or malware infections that will
directly impact access to your data. You’llhavetorelyontheprovidertofixtheissues.The more time your data
spends unprotected, the riskier it becomes.

3. Dataleakage –
A large part of secure data storage is making sure no one outside your organization tries to access your data.
Another part is making sure your data isn’t sentto anyone outside your organization. Data leakage can cause
serious problems since it could expose business- critical or private data to externalsources.

4. Data Breaches –
Theseare the consequence of an assault or negligence and mistake by the worker. This is the main
source of worry on cloud systems. Vulnerabilities in the implementation or inadequate safety procedures may
also trigger information breaches. Employees may log into
cloud applications from their devices or private laptops,
thereby exposing the scheme to targeted attacks.The data
includes any kind of information not intended for public disclosure, including personal health information,
financial information, personally identifiable information, trade secrets, and intellectual property.

5. System Vulnerabilities –
Cloud computing devices may involve system vulnerabilities, particularly in networks with complicated
infrastructures and various third-party applications. Once vulnerability has been identified with a common third-
party system, it can be readily used against organizations.

The users of the proposed system are the citizens, government as well as private organizations. The citizens who
want to use the system registers on the website. Now he/she can upload his documents which are encrypted and
stored on IPFS distributed cloud. To provide additional security, documents are encrypted and then uploaded.

1256
 JOURNAL OF CRITICAL
REVIEWS
ISSN- 2394-5125 VOL 7, ISSUE 19, 2020

Fig. 1. System Architecture

The organization who wants to access the documents stored over the IPFS cloud, first needs to verify its
identity. After verification, the organization searches the desired document using user’s id. The user shares the
public key for each document only with those
organizationswhoareverifiedbytheadministrator.Ifaorganizationfinds desired document, he/she will request theuser
to access document stored on blockchain. When a user receives a request, it sends transaction id(hash) to the
organization who requested to access the document. The organizationqueries the blockchain with transaction id
and retrieves the document hash. Noworganization can decrypt the encrypted document stored on IPFS and
download the requestedfile.
The proposed system is developed using React framework with firebase database and Blockchain smart contract
to provide secure document upload.

V. ANALYSIS OFALGORITHM

AES256-

The AES algorithm is a subset of Rijndael algorithm and is a block cipher, meaning that it operates on an input
block of the data of a concise and outputs a block of data that is the same size.An input key is also required as an
input to the AES algorithm. it allows data length of 128,192 and 256 bits and supporting three different key
lengths 128,192 and 256 bits.The AES algorithm is a symmetric key algorithm which means the same key is
used to both encrypt and decrypt data. Also, the ciphertext produced by the AES algorithm is of the same size
ofthe plain text data. In our system, we are using AES256 encryption algorithm.To analyze the data stored on
the cloud we created a set of text files that are less than or equal 6MB.

Figure.2 shows relationship encryption time in seconds with file size in KB’s using AES256 encryption
algorithm.

Fig. 2. Relation between Encryption Time vs File size.

1257
 JOURNAL OF CRITICAL
REVIEWS
ISSN- 2394-5125 VOL 7, ISSUE 19, 2020

We observed that as the file size increases, the time taken to encrypt the file also increases gradually. curity
technologies, the hash function is an important tool that can help us to realize effective, secure and reliable
digital signatureandcertification,itisanimportantmoduleinsecurity authentication protocol. The most commonly
used hash function can be divided into the followingcategories:

VI.RESULTS

The system is divided mainly into three components: User, Government/Private Organization and Admin.

A. User
The proposed system is new approach towards traditional document sharing.
In order to upload document, every user needs to have an account to interact with the portal. So, they should
register themselves with some credentials like email address, mobile number. It consists of main module
namely: Document Upload.

a. Document Upload
The process of document upload follows in following way:
1. Once the user is registered, he/she selects the category of document.
2. Further, the respective document is browsed and selected from the local system.
3. The selected document is encrypted using AES256 algorithm with randomly generated key.
4. Encrypted document is then added to the IPFS distributed cloud and hash of the document is returned.
5. Concurrently, the smart contract is also invoked, and the returned hashis stored on blockchain with some
minimal fees.
6. After successful upload, a transaction receipt is generated which is saved on firebase database along with
the returned hash.
7. The hashes of multiple documents are stored on the smart contract.

Fig.3. Document Upload

B. Admin
They are the central authorities that verifies the authenticity of Government/Private Organizations. This builds a
trustworthy environment between user and the organizations.

C. Government/Private Organizations
Government/Private Organizations are going to access the document when required. For example, if user wants
to open a new bank account, the bank requests for identification documents and many more. The user can
provide the documents using this portal. This approach reduces the paperwork and provides efficient way of
sharing the documents. Hence, reducing the misuse of confidential documents.
The sharing is carried out using a request response mechanism. It has three modules namely: Document Search,
Request and Retrieval

1258
 JOURNAL OF CRITICAL
REVIEWS
ISSN- 2394-5125 VOL 7, ISSUE 19, 2020

a. Document Search and Request

The process of document upload follows in following way:
1. The Organization searches the User Id (UID) which displays all the documents uploaded by specific user.
2. The organization further sends request to the user for the required document, which notifies the user.
3. When the user receives the request, he/she sends the transaction hash, document hash and decryption key to
the organization.

Fig.4. Document Search and Request

b. Document Retrieval
The process of document retrieval follows in following way:
1. The organization queries the blockchain using above received transaction hash and gets the IPFS hash of
the document.
2. The retrieved hash from blockchain is compared with document hash received from user. This depicts
whether the document is tampered or not.
3. If not matched, document corrupt error is shown and reported to the user for further actions. Or else, the
document will we saved in a buffer.
4. This buffer is passed as input to AES256 decryption algorithm and the intended document is downloaded
after entering the decryption key provided after request.

VII. CONCLUSION

Proposed approach suggests prototype of secure IPFS cloud storage system using blockchain. Proposedsystem
securesthedatawhichisstoredinuntrustedenvironments.To implement the system, some of the security algorithms
have beenselectedofacceptabletimecomplexity,functionality,and efficiency. The data will be stored on the cloud,
wherein the information identifying the file, will only be available on the blockchain. The proposed model uses
AES256 encryption. To encrypt the document. The data stored in blockchain is public, so it is encrypted before
sending to storage and controlaccesstoit.The encryption key provided by data owner is used to decrypt a
document and downloadit.
The study and evaluation results demonstrate that the proposed model can provide an effective solution for
developing a realistic data sharing platform based on public cloud storage.

VIII. REFERENCES

[1] Zibin Zheng, Shaoan Xie, Hongning Dai, Xiangping Chen, and Huaimin Wang, “An Overview of
Blockchain Technology: Architecture, Consensus, and Future Trends”, IEEE International Conference on
Big Data (Bigdata congress), 2017.

[2] Jin Ho Park and Jong Hyuk Park, “Blockchain Security in Cloud Computing: Use Cases, Challenges, and

1259
 JOURNAL OF CRITICAL
REVIEWS
ISSN- 2394-5125 VOL 7, ISSUE 19, 2020

Solutions”, Department of Computer Science and Engineering, Seoul National University of Science and
Technology, (SeoulTech) 01811, Korea, 18 August2017.

[3] Julija Golosova, Andrejs Romanovs, “The Advantages and Disadvantages of the Blockchain Technology”,
IEEE 6th Workshop on Advances in Information, Electronic and Electrical Engineering (AIEEE),2018.

[4] Maher Alharby and Aad van Moorsel, “Blockchain-Based Smart Contracts: A Systematic Mapping Study”,
Fourth International Conference on Computer Science and Information Technology(CSIT), 2017.

[5] Mr. Anup R. Nimje, Prof. V. T. Gaikwad, Prof. H. N. Datir, “Blockchain Attribute-Based Encryption
Techniques in Cloud ComputingSecurity:AnOverview”,InternationalJournalof Computer Trends and
Technology, Volume 4, Issue 3-2013.

[6] Pooja More, “Cloud data security using attribute-based key-aggregate cryptosystem”,International
Conference on Wireless Communications, Signal Processing andNetworking (WiSPNET), 2016.

[7] Ilya Sukhodolskiy, Sergey Zapechnikov, “A Blockchain-Based Access Control System for Cloud Storage,”
IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (ElConRus),
2018.

[8] Maximilian Wöhrer, Uwe Zdun, “ Smart contracts: Security patterns in the ethereum ecosystem and
solidity”, International Workshop on Blockchain Oriented Software Engineering (IWBOSE), 2018.

[9] Naresh vurukonda, B.Thirumala Rao, “A Study on Data Storage Security Issues in Cloud Computing”, 2nd
International Conference on Intelligent Computing, Communication & Convergence,2016.

[10] H. Khali, MIEEE, R. Mehdi, A. Araar, “A System-Level architecture For Hash Message Authentication
Code”, 12th IEEE International Conference on Electronics, Circuits and Systems,2005.

[11] Aquino Valentim Mota, Sami Azam, Bharanidharan Shanmugam, Kheng Cher Yeo, Krishnan
Kannoorpatti, “Comparative Analysis of Different Techniques ofEncryption for Secured Data
Transmission”, IEEE International Conference on Power, Control, Signals and Instrumentation Engineering
(ICPCSI),2017.

1260